Enabling Key for Rotation Job
Use the POST /v1/cckm/aws/keys/{id}/enable-rotation-job API to enable an AWS key for a scheduled rotation job. Before calling this API, create a rotation job configuration; its job_config_id is required in the request. Refer to Scheduling Key Rotation for details.
Syntax
curl -k '<IP>/api/v1/cckm/aws/keys/{id}/enable-rotation-job' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "job_config_id": "<job config id>",\n  "auto_rotate_disable_encrypt": <boolean>\n}' --compressed
Here, {id} represents the key ID.
Request Parameters
| Parameter | Type | Description | 
|---|---|---|
| AUTHTOKEN | string | Authorization token. | 
| auto_rotate_domain_id | string | ID of the domain in which the DSM key will be created. | 
| auto_rotate_key_source | string | Source of the key material. Possible options are: • local for CipherTrust Manager (default) • dsm for Data Security Manager • hsm-luna for Luna HSM (FM-enabled Luna HSM is not supported as a key source) • external-cm for external CipherTrust Manager | 
| job_config_id | string | ID of the scheduler configuration job that will schedule the key rotation. | 
| auto_rotate_disable_encrypt | boolean | Flag to disable encryption on the old key. | 
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/aws/keys/f36e8dbb-0259-4c61-a35f-d74b6d39effc/enable-rotation-job' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "job_config_id": "b080efd5-946f-4d59-b6e4-11ba362d9c98",\n  "auto_rotate_disable_encrypt": true\n}' --compressed
Example Response
{
"id": "f36e8dbb-0259-4c61-a35f-d74b6d39effc",
"uri": "kylo:kylo:cckm:aws-key:f36e8dbb-0259-4c61-a35f-d74b6d39effc",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2020-11-05T06:57:55.533058Z",
"updatedAt": "2020-11-05T06:58:08.450289264Z",
"kms_id": "0b90f8de-8617-498d-ad63-ca18eb717ae7",
"kms": "kms",
"labels": {
    "disable_encrypt_on_auto_rotate": "true",
    "job_config_id": "b080efd5-946f-4d59-b6e4-11ba362d9c98"
},
"synced_at": "2020-11-05T06:57:55.527352Z",
"rotation_status": "",
"cloud_name": "aws",
"key_type": "symmetric",
"basic_view_enabled": false,
"region": "ap-south-1",
"gone": false,
"key_material_origin": "native",
"aws_param": {
    "AWSAccountId": "123456789012",
    "Arn": "arn:aws:kms:ap-south-1:123456789012:key/9905c8da-2a0f-4666-a9c9-555c2567a242",
    "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
    "Enabled": true,
    "EncryptionAlgorithms": [
        "SYMMETRIC_DEFAULT"
    ],
    "KeyID": "9905c8da-2a0f-4666-a9c9-555c2567a242",
    "KeyManager": "CUSTOMER",
    "KeyState": "Enabled",
    "KeyUsage": "ENCRYPT_DECRYPT",
    "Origin": "AWS_KMS",
    "CreationDate": "2020-11-05T06:57:42Z",
    "Policy": {
        "Id": "key-default-1",
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Enable IAM User Permissions",
                "Action": "kms:*",
                "Effect": "Allow",
                "Resource": "*",
                "Principal": {
                    "AWS": "arn:aws:iam::123456789012:root"
                }
            }
        ]
    },
    "Alias": [
        "alias/aws-test-key-1"
    ],
    "Tags": [
        {
            "TagKey": "key",
            "TagValue": "value"
        }
    ],
    "KeyRotationEnabled": false
}
}
The sample output shows that the key (with ID a22742b4-2ad9-4f4a-9103-3507bed1420e) is enabled for the scheduled key rotation.
For more information about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
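The following Python sketch is an added example, not part of the product documentation. It builds the same request as the curl call, verifies the server certificate instead of using -k, and checks that the response labels match what was requested. The function names, the UUID check on IDs, and the "true"/"false" string form of the label are assumptions based on the sample above.

```python
import json
import ssl
import urllib.request
import uuid

def build_request(base_url, key_id, token, job_config_id, disable_encrypt):
    """Build the POST for /v1/cckm/aws/keys/{id}/enable-rotation-job without sending it."""
    if not base_url.startswith("https://"):
        raise ValueError("base_url must use https")
    # Assumption: IDs are UUIDs, as in the page's example; this rejects path-altering input.
    key_id, job_config_id = str(uuid.UUID(key_id)), str(uuid.UUID(job_config_id))
    if not isinstance(disable_encrypt, bool):
        raise TypeError("auto_rotate_disable_encrypt must be a boolean")
    body = json.dumps({"job_config_id": job_config_id,
                       "auto_rotate_disable_encrypt": disable_encrypt}).encode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/cckm/aws/keys/{key_id}/enable-rotation-job",
        data=body, method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

def send(req, ca_file):
    """Send with certificate verification against ca_file (instead of curl -k)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)

def check_response(resp, key_id, job_config_id, disable_encrypt):
    """Return a list of mismatches between what was requested and what the key now reports."""
    labels = resp.get("labels") or {}
    problems = []
    if resp.get("id") != key_id:
        problems.append("id")
    if labels.get("job_config_id") != job_config_id:
        problems.append("labels.job_config_id")
    # Assumption: the flag comes back as the string "true"/"false", as in the sample response.
    if labels.get("disable_encrypt_on_auto_rotate") != str(disable_encrypt).lower():
        problems.append("labels.disable_encrypt_on_auto_rotate")
    return problems

# Trimmed copy of the page's example response, used for an offline check.
SAMPLE = {"id": "f36e8dbb-0259-4c61-a35f-d74b6d39effc",
          "labels": {"disable_encrypt_on_auto_rotate": "true",
                     "job_config_id": "b080efd5-946f-4d59-b6e4-11ba362d9c98"}}
```

An empty list from check_response means the key reports the requested job configuration and encryption flag.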
Response Codes
| Response Code | Description | 
|---|---|
| 2xx | Success | 
| 4xx | Client errors | 
| 5xx | Server errors | 
Refer to HTTP status codes for details.